MediaWiki-announce December 2005

mediawiki-announce@lists.wikimedia.org

1 participants
2 discussions

MediaWiki 1.5.4 released
by Brion Vibber 22 Dec '05

22 Dec '05

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MediaWiki 1.5.4 is a security and bugfix maintenance release. A hardcoded internal placeholder string has been replaced with a random one. This closes a hole where security checks in inline style attributes could be bypassed, injecting JavaScript code that could execute in Microsoft Internet Explorer. Other browsers would not be vulnerable. Several minor fixes are included in this release, most notably a fix to clear the "you have new messages" flag properly for usernames containing spaces when e-mail notification is enabled. See the changelog at the end of the release notes for a full list of fixes. Release notes: http://sourceforge.net/project/shownotes.php?release_id=379951 Download: http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.5.4.tar.gz?download MD5 checksum: c5cff706c4d2fc8dd5aabd10f1714be0 mediawiki-1.5.4.tar.gz SHA-1 checksum: 12ccdbdd295152937595d4a00c41ae156bf19015 mediawiki-1.5.4.tar.gz Before asking for help, try the FAQ: http://meta.wikimedia.org/wiki/MediaWiki_FAQ Low-traffic release announcements mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce Wiki admin help mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-l Bug report system: http://bugzilla.wikimedia.org/ Play "stump the developers" live on IRC: #mediawiki on irc.freenode.net - -- brion vibber (brion @ pobox.com / brion @ wikimedia.org) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFDqfJ+wRnhpk1wk44RAodbAKCP6RPb2vysJTeUMMMq5eT9EXUkUgCfXzKL mL8OeBGrSnXpPWteNI42ylI= =oCrk -----END PGP SIGNATURE-----

1 0

MediaWiki 1.5.3 released [SECURITY]
by Brion Vibber 04 Dec '05

04 Dec '05

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MediaWiki 1.5.3 is a security and bugfix maintenance release. Validation of the user language option was broken by a code change in May 2005, opening the possibility of remote code execution as this parameter is used in forming a class name dynamically created with eval(). The validation has been corrected in this version. All prior 1.5 release and prerelease versions are affected; 1.4 and earlier and not affected. Additionally several bugs have been fixed; see the changelog in the release notes for a complete list. Release notes: http://sourceforge.net/project/shownotes.php?release_id=375755 Download: http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.5.3.tar.gz?download MD5 checksum: fc697787f04208d1842a2c646deca626 mediawiki-1.5.3.tar.gz SHA-1 checksum: 070189e29ace2ef9ab0589db42ecf849f2b88ee5 mediawiki-1.5.3.tar.gz Before asking for help, try the FAQ: http://meta.wikimedia.org/wiki/MediaWiki_FAQ Low-traffic release announcements mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce Wiki admin help mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-l Bug report system: http://bugzilla.wikimedia.org/ Play "stump the developers" live on IRC: #mediawiki on irc.freenode.net - -- brion vibber (brion @ pobox.com / brion @ wikimedia.org) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFDktOvwRnhpk1wk44RAi/tAJ9NlfTJTqW+9xTC6xaeOple14hFLQCgpyBn /hIyYleol9gFbHfMgzJCyy8= =fdzu -----END PGP SIGNATURE-----

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

MediaWiki-announce December 2005